Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The forcedAssignments property is set to false. It means, if there are any assignemnts, midPoint evaluates them as disabled and so user cannot perform post-atuhentication. Therefore there is one additional configuration needed and it is forcedAssignment. In this part, it is specified if there are any special roles which has to be enforced by login. It means that in fact, user doesn't have this role assigned, but while the user is in the proposed state, midPoint will pretend that this role is assigned to him. It is recommended to specify the role for post-authentication. You can put there any authorizations needed for post-atuhentication. After the post-authentication is successful, this role no more "belongs" to the user. After successful post-authentication normal assignments are taken into account.

See alsoAuthorization